General

  • Target

    0a984388f755cedbef29773a1cf9a233_JaffaCakes118

  • Size

    12KB

  • Sample

    241002-pdgk4ayhle

  • MD5

    0a984388f755cedbef29773a1cf9a233

  • SHA1

    ed5407f8c89976172b67d68ac7bd7c55c2917068

  • SHA256

    1bbb5709755dea9fa41ddb5c9c809c9d4bfdbc5a1d8227ffb8638b96bcae5733

  • SHA512

    0881e6086e73c8b204ecd476a60cfb427939a2781019f2b3c7230e13c01ef46477d0ef49f8b6cbad3aebff21a2c2c193384618ae7b0e785914190fc53d6430eb

  • SSDEEP

    192:59/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRM6H/1D:59ebFNw4Pk1itKkpAjjJs6B40W6Hh

Malware Config

Targets

    • Renames multiple (2161) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each renamed file.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks